This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Canonical First view 2008-05-16
Product Ubuntu Linux Last view 2016-12-16
Version 9.04 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:canonical:ubuntu_linux

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.8 2016-12-16 CVE-2016-9950

An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system.

7.8 2016-12-16 CVE-2016-9949

An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code.

7.8 2016-11-27 CVE-2015-1328

The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.

5 2013-11-23 CVE-2010-3443

ctcphandler.cpp in Quassel before 0.6.3 and 0.7.x before 0.7.1 allows remote attackers to cause a denial of service (unresponsive IRC) via multiple Client-To-Client Protocol (CTCP) requests in a PRIVMSG message.

1.9 2010-09-29 CVE-2010-3310

Multiple integer signedness errors in net/rose/af_rose.c in the Linux kernel before 2.6.36-rc5-next-20100923 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a rose_getname function call, related to the rose_bind and rose_connect functions.

7.2 2010-09-29 CVE-2010-3084

Buffer overflow in the niu_get_ethtool_tcam_all function in drivers/net/niu.c in the Linux kernel before 2.6.36-rc4 allows local users to cause a denial of service or possibly have unspecified other impact via the ETHTOOL_GRXCLSRLALL ethtool command.

2.1 2010-09-29 CVE-2010-2946

fs/jfs/xattr.c in the Linux kernel before 2.6.35.2 does not properly handle a certain legacy format for storage of extended attributes, which might allow local users by bypass intended xattr namespace restrictions via an "os2." substring at the beginning of a name.

7.2 2010-09-29 CVE-2010-2478

Integer overflow in the ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.33.7 on 32-bit platforms allows local users to cause a denial of service or possibly have unspecified other impact via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value that triggers a buffer overflow, a different vulnerability than CVE-2010-3084.

10 2010-09-08 CVE-2010-2495

The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP implementation in the Linux kernel before 2.6.34 does not properly validate certain values associated with an interface, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via vectors related to a routing change.

4.9 2010-09-03 CVE-2010-2954

The irda_bind function in net/irda/af_irda.c in the Linux kernel before 2.6.36-rc3-next-20100901 does not properly handle failure of the irda_open_tsap function, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via multiple unsuccessful calls to bind on an AF_IRDA (aka PF_IRDA) socket.

2.1 2010-09-03 CVE-2010-2226

The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file.

6.8 2010-06-24 CVE-2010-2067

Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file.

4.3 2010-03-03 CVE-2010-0205

The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack.

4.9 2010-02-22 CVE-2010-0410

drivers/connector/connector.c in the Linux kernel before 2.6.32.8 allows local users to cause a denial of service (memory consumption and system crash) by sending the kernel many NETLINK_CONNECTOR messages.

10 2010-02-22 CVE-2010-0159

The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors.

4.7 2010-02-17 CVE-2010-0307

The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function.

5.8 2009-11-09 CVE-2009-3555

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

7.2 2009-11-06 CVE-2009-3725

The connector layer in the Linux kernel before 2.6.31.5 does not require the CAP_SYS_ADMIN capability for certain interaction with the (1) uvesafb, (2) pohmelfs, (3) dst, or (4) dm subsystem, which allows local users to bypass intended access restrictions and gain privileges via calls to functions in these subsystems.

2.1 2009-10-20 CVE-2009-2910

arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 process to 64-bit mode.

7.1 2009-09-15 CVE-2009-2903

Memory leak in the appletalk subsystem in the Linux kernel 2.4.x through 2.4.37.6 and 2.6.x through 2.6.31, when the appletalk and ipddp modules are loaded but the ipddp"N" device is not found, allows remote attackers to cause a denial of service (memory consumption) via IP-DDP datagrams.

4.9 2009-08-28 CVE-2009-3002

The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to the atalk_getname function in net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the irda_getname function in net/irda/af_irda.c; (3) an AF_ECONET socket, related to the econet_getname function in net/econet/af_econet.c; (4) an AF_NETROM socket, related to the nr_getname function in net/netrom/af_netrom.c; (5) an AF_ROSE socket, related to the rose_getname function in net/rose/af_rose.c; or (6) a raw CAN socket, related to the raw_getname function in net/can/raw.c.

4.9 2009-08-28 CVE-2009-3001

The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel 2.6.31-rc7 and earlier does not initialize a certain data structure, which allows local users to read the contents of some kernel memory locations by calling getsockname on an AF_LLC socket.

7.2 2009-08-27 CVE-2009-2698

The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.

5.8 2009-08-21 CVE-2009-2474

neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

7.2 2009-07-16 CVE-2009-1895

The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL pointer dereference attacks, (2) bypass the mmap_min_addr protection mechanism, or (3) defeat address space layout randomization (ASLR).

CWE : Common Weakness Enumeration

%idName
15% (4) CWE-200 Information Exposure
11% (3) CWE-476 NULL Pointer Dereference
11% (3) CWE-264 Permissions, Privileges, and Access Controls
11% (3) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
7% (2) CWE-399 Resource Management Errors
3% (1) CWE-772 Missing Release of Resource after Effective Lifetime
3% (1) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
3% (1) CWE-326 Inadequate Encryption Strength
3% (1) CWE-310 Cryptographic Issues
3% (1) CWE-190 Integer Overflow or Wraparound
3% (1) CWE-189 Numeric Errors
3% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')
3% (1) CWE-59 Improper Link Resolution Before File Access ('Link Following')
3% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
3% (1) CWE-20 Improper Input Validation
3% (1) CWE-16 Configuration

SAINT Exploits

Description Link
Ubuntu overlayfs privilege elevation More info here

Open Source Vulnerability Database (OSVDB)

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
77832 Parallels Plesk Panel Billing System TLS Renegotiation Handshakes MiTM Plaint...
75622 Blue Coat Director TLS Renegotiation Handshakes MiTM Plaintext Data Injection
74335 Hitachi Web Server TLS Renegotiation Handshakes MiTM Plaintext Data Injection
71961 Oracle Fusion Middleware Oracle WebLogic Server TLS Renegotiation Handshakes ...
71951 Oracle Multiple Products Oracle Security Service TLS Renegotiation Handshakes...
70620 mGuard TLS Renegotiation Handshakes MiTM Plaintext Data Injection
70055 Oracle Supply Chain Transportation Management TLS Renegotiation Handshakes Mi...
69561 IBM WebSphere MQ Internet Pass-Thru TLS Renegotiation Handshake MiTM Plaintex...
69032 Oracle Java SE / Java for Business TLS Renegotiation Handshake MiTM Plaintext...
68290 Linux Kernel on 32-bit net/core/ethtool.c ethtool_get_rxnfc Function ETHTOOL_...
68289 Linux Kernel fs/jfs/xattr.c Extended Attribute Storage Legacy Format xattr Na...
68163 Linux Kernel net/rose/af_rose.c Multiple Function Signedness Error Local DoS
67897 Linux Kernel drivers/net/niu.c niu_get_ethtool_tcam_all() Function Crafted ET...
67896 Linux Kernel L2TP drivers/net/pppol2tp.c pppol2tp_xmit Function Routing Chang...
67773 Linux Kernel net/irda/af_irda.c irda_bind() Function Object Cleanup NULL Der...
67029 HP Threat Management Services zl Module TLS Renegotiation Handshakes MiTM Pla...
66315 HP Insight Manager TLS Renegotiation Handshakes MiTM Plaintext Data Injection
65676 LibTIFF tif_dirread.c TIFFFetchSubjectDistance Function SubjectDistance Field...
65631 Linux Kernel fs/xfs/xfs_dfrag.c xfs_swapext() Function Crafted IOCTL Local Ac...
65202 OpenOffice.org (OOo) TLS Renegotiation Handshakes MiTM Plaintext Data Injection
64725 HP System Management Homepage (SMH) TLS Renegotiation Handshakes MiTM Plainte...
64499 ArubaOS HTTPS WebUI Admin Interface TLS Renegotiation Handshakes MiTM Plainte...
64040 IBM DB2 TLS Renegotiation Handshakes MiTM Plaintext Data Injection
62877 SSH Tectia Audit Player TLS Renegotiation Handshakes MiTM Plaintext Data Inje...
62670 libpng pngrutil.c png_decompress_chunk Function Ancillary Chunks PNG File Dec...

ExploitDB Exploits

id Description
10579 TLS Renegotiation Vulnerability PoC Exploit
9575 Linux Kernel < 2.6.19 - udp_sendmsg Local Root Exploit
9574 Linux Kernel < 2.6.19 udp_sendmsg Local Root Exploit (x86/x64)
9543 Linux Kernel < 2.6.31-rc7 AF_IRDA 29-Byte Stack Disclosure Exploit
9542 Linux Kernel 2.6 < 2.6.19 (32bit) ip_append_data() ring0 Root Exploit

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-09-26 Name : Gentoo Security Advisory GLSA 201209-02 (tiff)
File : nvt/glsa_201209_02.nasl
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-18 (GnuTLS)
File : nvt/glsa_201206_18.nasl
2012-04-30 Name : Gentoo Security Advisory GLSA 201203-22 (nginx)
File : nvt/glsa_201203_22.nasl
2012-04-16 Name : VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates
File : nvt/gb_VMSA-2010-0009.nasl
2012-03-16 Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe...
File : nvt/gb_VMSA-2011-0003.nasl
2012-03-16 Name : Ubuntu Update for mysql-5.1 USN-1397-1
File : nvt/gb_ubuntu_USN_1397_1.nasl
2012-03-15 Name : VMSA-2010-0016 VMware ESXi and ESX third party updates for Service Console an...
File : nvt/gb_VMSA-2010-0016.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201110-05 (gnutls)
File : nvt/glsa_201110_05.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201201-02 (MySQL)
File : nvt/glsa_201201_02.nasl
2011-09-07 Name : Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)
File : nvt/gb_macosx_su10-007.nasl
2011-08-09 Name : CentOS Update for kernel CESA-2009:1106 centos5 i386
File : nvt/gb_CESA-2009_1106_kernel_centos5_i386.nasl
2011-08-09 Name : CentOS Update for kernel CESA-2009:1193 centos5 i386
File : nvt/gb_CESA-2009_1193_kernel_centos5_i386.nasl
2011-08-09 Name : CentOS Update for kernel CESA-2009:1222 centos5 i386
File : nvt/gb_CESA-2009_1222_kernel_centos5_i386.nasl
2011-08-09 Name : CentOS Update for kernel CESA-2009:1223 centos4 i386
File : nvt/gb_CESA-2009_1223_kernel_centos4_i386.nasl
2011-08-09 Name : CentOS Update for kernel CESA-2009:1233 centos3 i386
File : nvt/gb_CESA-2009_1233_kernel_centos3_i386.nasl
2011-08-09 Name : CentOS Update for kernel CESA-2009:1438 centos4 i386
File : nvt/gb_CESA-2009_1438_kernel_centos4_i386.nasl
2011-08-09 Name : CentOS Update for neon CESA-2009:1452 centos4 i386
File : nvt/gb_CESA-2009_1452_neon_centos4_i386.nasl
2011-08-09 Name : CentOS Update for neon CESA-2009:1452 centos5 i386
File : nvt/gb_CESA-2009_1452_neon_centos5_i386.nasl
2011-08-09 Name : CentOS Update for samba CESA-2009:1529 centos4 i386
File : nvt/gb_CESA-2009_1529_samba_centos4_i386.nasl
2011-08-09 Name : CentOS Update for samba CESA-2009:1529 centos5 i386
File : nvt/gb_CESA-2009_1529_samba_centos5_i386.nasl
2011-08-09 Name : CentOS Update for kernel CESA-2009:1550 centos3 i386
File : nvt/gb_CESA-2009_1550_kernel_centos3_i386.nasl
2011-08-09 Name : CentOS Update for httpd CESA-2009:1579 centos3 i386
File : nvt/gb_CESA-2009_1579_httpd_centos3_i386.nasl
2011-08-09 Name : CentOS Update for httpd CESA-2009:1579 centos5 i386
File : nvt/gb_CESA-2009_1579_httpd_centos5_i386.nasl
2011-08-09 Name : CentOS Update for httpd CESA-2009:1580 centos4 i386
File : nvt/gb_CESA-2009_1580_httpd_centos4_i386.nasl
2011-08-09 Name : CentOS Update for kernel CESA-2009:1671 centos4 i386
File : nvt/gb_CESA-2009_1671_kernel_centos4_i386.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2012-B-0048 Multiple Vulnerabilities in HP Systems Insight Manager
Severity: Category I - VMSKEY: V0032178
2012-B-0038 Multiple Vulnerabilities in HP Onboard Administrator
Severity: Category I - VMSKEY: V0031972
2011-A-0066 Multiple Vulnerabilities in VMware Products
Severity: Category I - VMSKEY: V0027158
2010-A-0015 Multiple Vulnerabilities in Red Hat Linux Kernel
Severity: Category I - VMSKEY: V0022631

Snort® IPS/IDS

Date Description
2017-01-19 Ubuntu Apport CrashDB crash report code injection attempt
RuleID : 41041 - Type : OS-LINUX - Revision : 2
2017-01-19 Ubuntu Apport CrashDB crash report code injection attempt
RuleID : 41040 - Type : OS-LINUX - Revision : 2

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-04-03 Name: The remote web server may allow remote code execution.
File: iis_7_pci.nasl - Type: ACT_GATHER_INFO
2018-03-09 Name: The remote web server is affected by multiple vulnerabilities.
File: nginx_0_7_64.nasl - Type: ACT_GATHER_INFO
2017-11-17 Name: The remote host is affected by a MITM vulnerability.
File: fortios_FG-IR-17-137.nasl - Type: ACT_GATHER_INFO
2016-12-15 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-3157-1.nasl - Type: ACT_GATHER_INFO
2016-03-08 Name: The remote VMware ESX host is missing a security-related patch.
File: vmware_VMSA-2010-0006_remote.nasl - Type: ACT_GATHER_INFO
2016-03-08 Name: The remote VMware ESX / ESXi host is missing a security-related patch.
File: vmware_VMSA-2010-0009_remote.nasl - Type: ACT_GATHER_INFO
2016-03-08 Name: The remote VMware ESX host is missing a security-related patch.
File: vmware_VMSA-2010-0015_remote.nasl - Type: ACT_GATHER_INFO
2016-03-08 Name: The remote VMware ESX host is missing a security-related patch.
File: vmware_VMSA-2010-0019_remote.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote VMware ESX / ESXi host is missing a security-related patch.
File: vmware_VMSA-2011-0003_remote.nasl - Type: ACT_GATHER_INFO
2016-03-03 Name: The remote host is missing a security-related patch.
File: vmware_VMSA-2009-0016_remote.nasl - Type: ACT_GATHER_INFO
2016-01-25 Name: The remote Debian host is missing a security update.
File: debian_DLA-400.nasl - Type: ACT_GATHER_INFO
2015-08-26 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_3dac84c9bce141999784d68af1eb7b2e.nasl - Type: ACT_GATHER_INFO
2015-06-22 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2640-2.nasl - Type: ACT_GATHER_INFO
2015-06-22 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2642-2.nasl - Type: ACT_GATHER_INFO
2015-06-22 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2643-2.nasl - Type: ACT_GATHER_INFO
2015-06-22 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2644-2.nasl - Type: ACT_GATHER_INFO
2015-06-22 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2646-2.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2640-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2642-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2643-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2644-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2645-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2646-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2647-1.nasl - Type: ACT_GATHER_INFO
2015-05-11 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3253.nasl - Type: ACT_GATHER_INFO